Common Vulnerabilities and Exposures (aka CVEs) in containers, at least according to the interviews conducted for this study, are a pain (in the vuln). Chainguard conducted ten interviews with software professionals at a range of companies that build or operate containers. The interview questions dealt with the processes and workflows that these professionals use to identify, triage, and remediate CVEs in containers. Many of the questions either involved a request for a time estimate of each step of the process or probed the “why” behind the process or workflow.

This report uses data from the Synopsys Black Duck Audit Services team’s analysis of anonymized findings from 1,067 commercial codebases across 17 industries during 2023. The Audit Services team has helped security, development, and legal teams around the world strengthen their security and license compliance programs for over 20 years. The team audits thousands of codebases for our customers each year, with the primary aim of identifying software risks during merger and acquisition (M&A) transactions.

The 7th annual Hacker-Powered Security Report goes deeper than ever before with customer insights, in addition to the opinions of some of the world’s top hackers. We also take a more comprehensive look at the top ten vulnerabilities and how various industries are performing when it comes to incentivizing hackers to find the vulnerabilities that are most important to them.

In this latest State of the Internet/Security (SOTI) report, we examine various attack types that commerce organizations and their customers face. We explore our multitude of datasets in areas such as web applications, bots, phishing, and usage of third-party scripts, to get a “pulse” of what’s happening in this sector and help cybersecurity leaders and practitioners understand some of the threat trends impacting the commerce industry. Akamai sees an enormous number of attacks across all our security tools, so we can share the shifts we see in malware attacks, customer impacts, regulatory requirements, and emerging threats.

This latest installment of the Prioritization to Prediction research series, created by the Cyentia Institute and sponsored by Cisco (formerly commissioned by Kenna Security), does just that: It explores the KEV and gives some context to what it means (and doesn’t mean) for other organizations. Moreover, we demonstrate how the KEV can fit into any risk-based vulnerability management program. In fact, here are some key findings, but you’ll really want to read the whole report to get the good stuff.

In our bi-annual AppSec Indicator report, we uncover insights and trends to guide best practices in vulnerability identification and remediation. For this year’s Spring edition of the Invicti AppSec Indicator, we analyzed data from 1.7 million scans conducted by the 1,700 customers that use our cloud dynamic application security testing (DAST) offering, representing approximately half of our entire customer base.

In this report, sponsored by F5 Labs, we take a step back and examine the universe of vulnerabilities (defined by the CVE) and how it’s changed in the last 20 years. As you will see, we will find some surprising things along the way.

In this edition, we look at the attacks and trends in the gaming industry during 2020. It was a volatile year, and we’re not just speaking about the pandemic. Web attacks targeting the gaming industry were up 340% year over year between 2019 and 2020, and credentials stuffing attacks were up 224%. Strangely enough, DDoS attacks against the gaming industry fell by nearly 20% during the same period.

This SOTI report looks at current state of online gaming. it also examines the most pervasive threats coming from online criminals. Ans to fully explore the topic of attacks on gaming, we dig deeper into the data around web application and API attacks, Distributed Denial of Service (DDoS) trends, the overarching goals of attackers, and more. This report also explored the threat landscape that has grown out of the pandemic in the gaming industry and the impact of cyberattacks on gaming companies.

The State of Pentesting: 2020 report assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. The scope of his exploration is black-box penetration testing (“humans”) against dynamic scanning and out-of-band testing (“machines”) for web applications.

A review of trends in e-commerce security and attacks based upon a variety of sources collected via Impreva Research labs.

A meta-analysis of industry reports on the variety and forms of application exploits used in security incidents.

Do exploit code releases help or harm defenders? We decided to put this hotly contested debate to the test. The seventh volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute attacks this debate from all angles. Poring over Kenna Security’s own threat and vulnerability intelligence, anonymized platform data, and Fortinet exploitation data, we analyzed over 6 billion vulnerabilities affecting 13 million active assets across nearly 500 organizations.

A review of the threat volume and characteristics affecting e-commerce.

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. nurture (the behaviors developers take) and the relative effect each has on application security.

This edition of the State of the Internet (SOTI)/Security report series focuses on the retail and hospitality sectors. An extensive review of how credential abuse attacks are carried out from both a methodology perspective and a volumetric angle is given.

A review of web application vulnerabilities as seen through Acuentix’s web scans between March 2019 and February 2020.

A report from aggregate telemetry on Contrast Security customers’ applications between June 2019 and May 2020. Covers application vulnerability prevalence, time to remediation, attacks, and composition, among other themes.

The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape.

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data.

This is the 6th annual SOTI from Akamai. The Key findings are: • Between November 2017 and October 2019, more than 40% of the unique DDoS targets were in the financial services industry • Traditional logins (username and password) still account for the majority (74%) of access methods to applications and services • From May to October 2019, credential stuffing attacks targeting the financial services industry have targeted APIs, often accounting for 75% or more of the total login attacks against financial services